Tools

Channel Area

Service Product Area

Forum Affairs

Method used to configure a IPSec policy template on the AR

23

Huawei AR routers support IPSec tunnels by configuring an IPSec policy template. For details about the configuration, see "Example for Establishing Multiple IPSec Tunnels Between the Headquarters and Branches Using the IPSec Policy Template" of "Using VPN to Implement WAN Interconnection" in Typical Configuration Examples.

When an IPSec policy template is used to configure IPSec policies, the configuration workload for establishing multiple IPSec tunnels can be reduced. This IPSec policy configuration mode is often used in the headquarters in scenarios where the remote IP address is not fixed (for example, the remote end obtains an IP address through PPPoE) or there are multiple remote devices.

Other related questions:

Huawei AR series routers can dynamically obtain IP addresses from a service provider to access public network using a 3G interface, and establish IPSec connections with the headquarters. This function applies to V200R002C00 and later versions and all models of the AR. For details, see Typical Configuration Examples.

L2TP over IPSec can be used to ensure secure communication between the branch and headquarters. This function is applicable to all versions and models of AR series routers. L2TP over IPSec can be used to ensure secure communication between the LAC and LNS.
For details, see Configuration Guide-VPN.

Huawei AR routers support interworking between devices through GRE over IPSec and IPSec over GRE. GRE over IPSec is supported by all AR models and versions, whereas IPSec over GRE is supported only by AR models that run V200R005C10 or later versions.
For details on how to configure IPSec over GRE, see "Example for Configuring L2TP Over IPSec to Implement Secure Communication Between the Branch and Headquarters" of "Using VPN to Implement WAN Interconnection-GRE" in Product Documentation.
For details on how to configure GRE over IPSec, see "Example for Configuring GRE Over IPSec to Implement Communication Between Devices", "Example for Configuring OSPF and GRE Over IPSec to Implement Communication Between the Branch and Headquarters", and "Example for Configuring GRE Over IPSec to Implement Communication Between the Branches and Headquarters and NAT to Implement Communication Between Branches (Running OSPF)" of "Using VPN to Implement WAN Interconnection" in Typical Configuration Examples.

Huawei AR routers support the VRRP configuration in the headquarters when an IPSec tunnel is set up between the headquarters and branch. When the master gateway router of the headquarters is faulty, services are automatically switched to the backup gateway. For details, see "Example for Configuring VRRP in the Headquarters to Allow the Branch to Establish an IPSec Tunnel with the Headquarters Using the VRRP Virtual Address" of "Using VPN to Implement WAN Interconnection" in Typical Configuration Examples. In other scenarios, check whether the disconnected IPSec connection is caused by the cable. In this case, the IPSec connection cannot be automatically reestablished.